15 matches found
CVE-2026-42870 WeGIA: Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting XSS flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' Descrição field and saving t...
CVE-2025-62177
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependentelistar.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to...
CVE-2025-62177
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependentelistar.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to...
EUVD-2025-34109
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependentelistar.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to...
CVE-2025-62177 WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php`
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependentelistar.php endpoint, specifically in the idfuncionario parameter. This vulnerability allows attackers to...
CVE-2025-62177
WeGIA (open source Web Manager for Institutions) versions prior to 3.5.1 are affected by a SQL Injection in the endpoint /html/funcionario/dependente_listar.php via the id_funcionario parameter. The vulnerability could allow attackers to execute arbitrary SQL commands, threatening confidentiality...
PT-2025-41815
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.1 Description WeGIA is a Web Manager for Institutions. A SQL Injection issue exists in the /html/funcionario/dependente listar.php API endpoint, specifically through the id funcionario parameter. Successful...
WeGIA 安全漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.4.10, which stems from an SQL injection in the idfuncionario parameter in the /html/funcionario/dependenteremover.php endpoint, which could lea...
PT-2025-34248 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.10 Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability exists in the /html/funcionario/dependente remover.php endpoint, specifically in the id funcionario parameter. This...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17288)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the idfuncionario parameter in the cadastrodependentepessoanova.php endpoint, for which no detailed...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of the idfuncionario parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
WeGIA 跨站脚本漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the idfuncionario parameter in the cadastrodependentepessoanova.php endpoint, for which no detailed...
WeGIA SQL Injection Vulnerability (CNVD-2025-22279)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of the idfuncionario parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of the idfuncionario parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
WeGIA 安全漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA versions prior to 3.2.0, which stems from vulnerability to SQL injection attacks on the idfuncionario parameter in /funcionario/remuneracao.php...